Disabling access to non AWS services via VPC endpoints
0
Is there a way we can prevent creation of VPC Endpoints in AWS PrivateLink for non AWS Services?. Customer looking to whitelist PrivateLink and want to make sure that no one can connect to non AWS services using PrivateLink. The condition key in the IAM policy ec2:VpceServiceName should work but wouldn't that prevent even the Admin to create any endpoint for non AWS Services?.
asked 3 years ago192 views
1 Answer
- Newest
- Most votes
- Most comments
0
You could add a condition on the permissions on "CreateVpcEndpoint" endpoint where the ServiceName does not contains "com.amazonaws.vpce" which would block creating endpoints for customer created endpoint services.
answered 3 years ago
Relevant content
- Accepted Answerasked 7 months ago
- asked a year ago
- asked 5 months ago
- Accepted Answerasked 10 months ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 2 months ago
- How do I delete my Network Load Balancer that's associated with VPC endpoint services (PrivateLink)?AWS OFFICIALUpdated 2 years ago
